1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* SCTP kernel implementation
3 * (C) Copyright IBM Corp. 2001, 2004
4 * Copyright (c) 1999-2000 Cisco, Inc.
5 * Copyright (c) 1999-2001 Motorola, Inc.
6 * Copyright (c) 2001-2003 Intel Corp.
7 *
8 * This file is part of the SCTP kernel implementation
9 *
10 * These functions implement the sctp_outq class. The outqueue handles
11 * bundling and queueing of outgoing SCTP chunks.
12 *
13 * Please send any bug reports or fixes you make to the
14 * email address(es):
15 * lksctp developers <linux-sctp@vger.kernel.org>
16 *
17 * Written or modified by:
18 * La Monte H.P. Yarroll <piggy@acm.org>
19 * Karl Knutson <karl@athena.chicago.il.us>
20 * Perry Melange <pmelange@null.cc.uic.edu>
21 * Xingang Guo <xingang.guo@intel.com>
22 * Hui Huang <hui.huang@nokia.com>
23 * Sridhar Samudrala <sri@us.ibm.com>
24 * Jon Grimm <jgrimm@us.ibm.com>
25 */
26
27 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
28
29 #include <linux/types.h>
30 #include <linux/list.h> /* For struct list_head */
31 #include <linux/socket.h>
32 #include <linux/ip.h>
33 #include <linux/slab.h>
34 #include <net/sock.h> /* For skb_set_owner_w */
35
36 #include <net/sctp/sctp.h>
37 #include <net/sctp/sm.h>
38 #include <net/sctp/stream_sched.h>
39
40 /* Declare internal functions here. */
41 static int sctp_acked(struct sctp_sackhdr *sack, __u32 tsn);
42 static void sctp_check_transmitted(struct sctp_outq *q,
43 struct list_head *transmitted_queue,
44 struct sctp_transport *transport,
45 union sctp_addr *saddr,
46 struct sctp_sackhdr *sack,
47 __u32 *highest_new_tsn);
48
49 static void sctp_mark_missing(struct sctp_outq *q,
50 struct list_head *transmitted_queue,
51 struct sctp_transport *transport,
52 __u32 highest_new_tsn,
53 int count_of_newacks);
54
55 static void sctp_outq_flush(struct sctp_outq *q, int rtx_timeout, gfp_t gfp);
56
57 /* Add data to the front of the queue. */
sctp_outq_head_data(struct sctp_outq * q,struct sctp_chunk * ch)58 static inline void sctp_outq_head_data(struct sctp_outq *q,
59 struct sctp_chunk *ch)
60 {
61 struct sctp_stream_out_ext *oute;
62 __u16 stream;
63
64 list_add(&ch->list, &q->out_chunk_list);
65 q->out_qlen += ch->skb->len;
66
67 stream = sctp_chunk_stream_no(ch);
68 oute = SCTP_SO(&q->asoc->stream, stream)->ext;
69 list_add(&ch->stream_list, &oute->outq);
70 }
71
72 /* Take data from the front of the queue. */
sctp_outq_dequeue_data(struct sctp_outq * q)73 static inline struct sctp_chunk *sctp_outq_dequeue_data(struct sctp_outq *q)
74 {
75 return q->sched->dequeue(q);
76 }
77
78 /* Add data chunk to the end of the queue. */
sctp_outq_tail_data(struct sctp_outq * q,struct sctp_chunk * ch)79 static inline void sctp_outq_tail_data(struct sctp_outq *q,
80 struct sctp_chunk *ch)
81 {
82 struct sctp_stream_out_ext *oute;
83 __u16 stream;
84
85 list_add_tail(&ch->list, &q->out_chunk_list);
86 q->out_qlen += ch->skb->len;
87
88 stream = sctp_chunk_stream_no(ch);
89 oute = SCTP_SO(&q->asoc->stream, stream)->ext;
90 list_add_tail(&ch->stream_list, &oute->outq);
91 }
92
93 /*
94 * SFR-CACC algorithm:
95 * D) If count_of_newacks is greater than or equal to 2
96 * and t was not sent to the current primary then the
97 * sender MUST NOT increment missing report count for t.
98 */
sctp_cacc_skip_3_1_d(struct sctp_transport * primary,struct sctp_transport * transport,int count_of_newacks)99 static inline int sctp_cacc_skip_3_1_d(struct sctp_transport *primary,
100 struct sctp_transport *transport,
101 int count_of_newacks)
102 {
103 if (count_of_newacks >= 2 && transport != primary)
104 return 1;
105 return 0;
106 }
107
108 /*
109 * SFR-CACC algorithm:
110 * F) If count_of_newacks is less than 2, let d be the
111 * destination to which t was sent. If cacc_saw_newack
112 * is 0 for destination d, then the sender MUST NOT
113 * increment missing report count for t.
114 */
sctp_cacc_skip_3_1_f(struct sctp_transport * transport,int count_of_newacks)115 static inline int sctp_cacc_skip_3_1_f(struct sctp_transport *transport,
116 int count_of_newacks)
117 {
118 if (count_of_newacks < 2 &&
119 (transport && !transport->cacc.cacc_saw_newack))
120 return 1;
121 return 0;
122 }
123
124 /*
125 * SFR-CACC algorithm:
126 * 3.1) If CYCLING_CHANGEOVER is 0, the sender SHOULD
127 * execute steps C, D, F.
128 *
129 * C has been implemented in sctp_outq_sack
130 */
sctp_cacc_skip_3_1(struct sctp_transport * primary,struct sctp_transport * transport,int count_of_newacks)131 static inline int sctp_cacc_skip_3_1(struct sctp_transport *primary,
132 struct sctp_transport *transport,
133 int count_of_newacks)
134 {
135 if (!primary->cacc.cycling_changeover) {
136 if (sctp_cacc_skip_3_1_d(primary, transport, count_of_newacks))
137 return 1;
138 if (sctp_cacc_skip_3_1_f(transport, count_of_newacks))
139 return 1;
140 return 0;
141 }
142 return 0;
143 }
144
145 /*
146 * SFR-CACC algorithm:
147 * 3.2) Else if CYCLING_CHANGEOVER is 1, and t is less
148 * than next_tsn_at_change of the current primary, then
149 * the sender MUST NOT increment missing report count
150 * for t.
151 */
sctp_cacc_skip_3_2(struct sctp_transport * primary,__u32 tsn)152 static inline int sctp_cacc_skip_3_2(struct sctp_transport *primary, __u32 tsn)
153 {
154 if (primary->cacc.cycling_changeover &&
155 TSN_lt(tsn, primary->cacc.next_tsn_at_change))
156 return 1;
157 return 0;
158 }
159
160 /*
161 * SFR-CACC algorithm:
162 * 3) If the missing report count for TSN t is to be
163 * incremented according to [RFC2960] and
164 * [SCTP_STEWART-2002], and CHANGEOVER_ACTIVE is set,
165 * then the sender MUST further execute steps 3.1 and
166 * 3.2 to determine if the missing report count for
167 * TSN t SHOULD NOT be incremented.
168 *
169 * 3.3) If 3.1 and 3.2 do not dictate that the missing
170 * report count for t should not be incremented, then
171 * the sender SHOULD increment missing report count for
172 * t (according to [RFC2960] and [SCTP_STEWART_2002]).
173 */
sctp_cacc_skip(struct sctp_transport * primary,struct sctp_transport * transport,int count_of_newacks,__u32 tsn)174 static inline int sctp_cacc_skip(struct sctp_transport *primary,
175 struct sctp_transport *transport,
176 int count_of_newacks,
177 __u32 tsn)
178 {
179 if (primary->cacc.changeover_active &&
180 (sctp_cacc_skip_3_1(primary, transport, count_of_newacks) ||
181 sctp_cacc_skip_3_2(primary, tsn)))
182 return 1;
183 return 0;
184 }
185
186 /* Initialize an existing sctp_outq. This does the boring stuff.
187 * You still need to define handlers if you really want to DO
188 * something with this structure...
189 */
sctp_outq_init(struct sctp_association * asoc,struct sctp_outq * q)190 void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q)
191 {
192 memset(q, 0, sizeof(struct sctp_outq));
193
194 q->asoc = asoc;
195 INIT_LIST_HEAD(&q->out_chunk_list);
196 INIT_LIST_HEAD(&q->control_chunk_list);
197 INIT_LIST_HEAD(&q->retransmit);
198 INIT_LIST_HEAD(&q->sacked);
199 INIT_LIST_HEAD(&q->abandoned);
200 sctp_sched_set_sched(asoc, sctp_sk(asoc->base.sk)->default_ss);
201 }
202
203 /* Free the outqueue structure and any related pending chunks.
204 */
__sctp_outq_teardown(struct sctp_outq * q)205 static void __sctp_outq_teardown(struct sctp_outq *q)
206 {
207 struct sctp_transport *transport;
208 struct list_head *lchunk, *temp;
209 struct sctp_chunk *chunk, *tmp;
210
211 /* Throw away unacknowledged chunks. */
212 list_for_each_entry(transport, &q->asoc->peer.transport_addr_list,
213 transports) {
214 while ((lchunk = sctp_list_dequeue(&transport->transmitted)) != NULL) {
215 chunk = list_entry(lchunk, struct sctp_chunk,
216 transmitted_list);
217 /* Mark as part of a failed message. */
218 sctp_chunk_fail(chunk, q->error);
219 sctp_chunk_free(chunk);
220 }
221 }
222
223 /* Throw away chunks that have been gap ACKed. */
224 list_for_each_safe(lchunk, temp, &q->sacked) {
225 list_del_init(lchunk);
226 chunk = list_entry(lchunk, struct sctp_chunk,
227 transmitted_list);
228 sctp_chunk_fail(chunk, q->error);
229 sctp_chunk_free(chunk);
230 }
231
232 /* Throw away any chunks in the retransmit queue. */
233 list_for_each_safe(lchunk, temp, &q->retransmit) {
234 list_del_init(lchunk);
235 chunk = list_entry(lchunk, struct sctp_chunk,
236 transmitted_list);
237 sctp_chunk_fail(chunk, q->error);
238 sctp_chunk_free(chunk);
239 }
240
241 /* Throw away any chunks that are in the abandoned queue. */
242 list_for_each_safe(lchunk, temp, &q->abandoned) {
243 list_del_init(lchunk);
244 chunk = list_entry(lchunk, struct sctp_chunk,
245 transmitted_list);
246 sctp_chunk_fail(chunk, q->error);
247 sctp_chunk_free(chunk);
248 }
249
250 /* Throw away any leftover data chunks. */
251 while ((chunk = sctp_outq_dequeue_data(q)) != NULL) {
252 sctp_sched_dequeue_done(q, chunk);
253
254 /* Mark as send failure. */
255 sctp_chunk_fail(chunk, q->error);
256 sctp_chunk_free(chunk);
257 }
258
259 /* Throw away any leftover control chunks. */
260 list_for_each_entry_safe(chunk, tmp, &q->control_chunk_list, list) {
261 list_del_init(&chunk->list);
262 sctp_chunk_free(chunk);
263 }
264 }
265
sctp_outq_teardown(struct sctp_outq * q)266 void sctp_outq_teardown(struct sctp_outq *q)
267 {
268 __sctp_outq_teardown(q);
269 sctp_outq_init(q->asoc, q);
270 }
271
272 /* Free the outqueue structure and any related pending chunks. */
sctp_outq_free(struct sctp_outq * q)273 void sctp_outq_free(struct sctp_outq *q)
274 {
275 /* Throw away leftover chunks. */
276 __sctp_outq_teardown(q);
277 }
278
279 /* Put a new chunk in an sctp_outq. */
sctp_outq_tail(struct sctp_outq * q,struct sctp_chunk * chunk,gfp_t gfp)280 void sctp_outq_tail(struct sctp_outq *q, struct sctp_chunk *chunk, gfp_t gfp)
281 {
282 struct net *net = sock_net(q->asoc->base.sk);
283
284 pr_debug("%s: outq:%p, chunk:%p[%s]\n", __func__, q, chunk,
285 chunk && chunk->chunk_hdr ?
286 sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)) :
287 "illegal chunk");
288
289 /* If it is data, queue it up, otherwise, send it
290 * immediately.
291 */
292 if (sctp_chunk_is_data(chunk)) {
293 pr_debug("%s: outqueueing: outq:%p, chunk:%p[%s])\n",
294 __func__, q, chunk, chunk && chunk->chunk_hdr ?
295 sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)) :
296 "illegal chunk");
297
298 sctp_outq_tail_data(q, chunk);
299 if (chunk->asoc->peer.prsctp_capable &&
300 SCTP_PR_PRIO_ENABLED(chunk->sinfo.sinfo_flags))
301 chunk->asoc->sent_cnt_removable++;
302 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
303 SCTP_INC_STATS(net, SCTP_MIB_OUTUNORDERCHUNKS);
304 else
305 SCTP_INC_STATS(net, SCTP_MIB_OUTORDERCHUNKS);
306 } else {
307 list_add_tail(&chunk->list, &q->control_chunk_list);
308 SCTP_INC_STATS(net, SCTP_MIB_OUTCTRLCHUNKS);
309 }
310
311 if (!q->cork)
312 sctp_outq_flush(q, 0, gfp);
313 }
314
315 /* Insert a chunk into the sorted list based on the TSNs. The retransmit list
316 * and the abandoned list are in ascending order.
317 */
sctp_insert_list(struct list_head * head,struct list_head * new)318 static void sctp_insert_list(struct list_head *head, struct list_head *new)
319 {
320 struct list_head *pos;
321 struct sctp_chunk *nchunk, *lchunk;
322 __u32 ntsn, ltsn;
323 int done = 0;
324
325 nchunk = list_entry(new, struct sctp_chunk, transmitted_list);
326 ntsn = ntohl(nchunk->subh.data_hdr->tsn);
327
328 list_for_each(pos, head) {
329 lchunk = list_entry(pos, struct sctp_chunk, transmitted_list);
330 ltsn = ntohl(lchunk->subh.data_hdr->tsn);
331 if (TSN_lt(ntsn, ltsn)) {
332 list_add(new, pos->prev);
333 done = 1;
334 break;
335 }
336 }
337 if (!done)
338 list_add_tail(new, head);
339 }
340
sctp_prsctp_prune_sent(struct sctp_association * asoc,struct sctp_sndrcvinfo * sinfo,struct list_head * queue,int msg_len)341 static int sctp_prsctp_prune_sent(struct sctp_association *asoc,
342 struct sctp_sndrcvinfo *sinfo,
343 struct list_head *queue, int msg_len)
344 {
345 struct sctp_chunk *chk, *temp;
346
347 list_for_each_entry_safe(chk, temp, queue, transmitted_list) {
348 struct sctp_stream_out *streamout;
349
350 if (!chk->msg->abandoned &&
351 (!SCTP_PR_PRIO_ENABLED(chk->sinfo.sinfo_flags) ||
352 chk->sinfo.sinfo_timetolive <= sinfo->sinfo_timetolive))
353 continue;
354
355 chk->msg->abandoned = 1;
356 list_del_init(&chk->transmitted_list);
357 sctp_insert_list(&asoc->outqueue.abandoned,
358 &chk->transmitted_list);
359
360 streamout = SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
361 asoc->sent_cnt_removable--;
362 asoc->abandoned_sent[SCTP_PR_INDEX(PRIO)]++;
363 streamout->ext->abandoned_sent[SCTP_PR_INDEX(PRIO)]++;
364
365 if (queue != &asoc->outqueue.retransmit &&
366 !chk->tsn_gap_acked) {
367 if (chk->transport)
368 chk->transport->flight_size -=
369 sctp_data_size(chk);
370 asoc->outqueue.outstanding_bytes -= sctp_data_size(chk);
371 }
372
373 msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
374 if (msg_len <= 0)
375 break;
376 }
377
378 return msg_len;
379 }
380
sctp_prsctp_prune_unsent(struct sctp_association * asoc,struct sctp_sndrcvinfo * sinfo,int msg_len)381 static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
382 struct sctp_sndrcvinfo *sinfo, int msg_len)
383 {
384 struct sctp_outq *q = &asoc->outqueue;
385 struct sctp_chunk *chk, *temp;
386
387 q->sched->unsched_all(&asoc->stream);
388
389 list_for_each_entry_safe(chk, temp, &q->out_chunk_list, list) {
390 if (!chk->msg->abandoned &&
391 (!(chk->chunk_hdr->flags & SCTP_DATA_FIRST_FRAG) ||
392 !SCTP_PR_PRIO_ENABLED(chk->sinfo.sinfo_flags) ||
393 chk->sinfo.sinfo_timetolive <= sinfo->sinfo_timetolive))
394 continue;
395
396 chk->msg->abandoned = 1;
397 sctp_sched_dequeue_common(q, chk);
398 asoc->sent_cnt_removable--;
399 asoc->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
400 if (chk->sinfo.sinfo_stream < asoc->stream.outcnt) {
401 struct sctp_stream_out *streamout =
402 SCTP_SO(&asoc->stream, chk->sinfo.sinfo_stream);
403
404 streamout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
405 }
406
407 msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
408 sctp_chunk_free(chk);
409 if (msg_len <= 0)
410 break;
411 }
412
413 q->sched->sched_all(&asoc->stream);
414
415 return msg_len;
416 }
417
418 /* Abandon the chunks according their priorities */
sctp_prsctp_prune(struct sctp_association * asoc,struct sctp_sndrcvinfo * sinfo,int msg_len)419 void sctp_prsctp_prune(struct sctp_association *asoc,
420 struct sctp_sndrcvinfo *sinfo, int msg_len)
421 {
422 struct sctp_transport *transport;
423
424 if (!asoc->peer.prsctp_capable || !asoc->sent_cnt_removable)
425 return;
426
427 msg_len = sctp_prsctp_prune_sent(asoc, sinfo,
428 &asoc->outqueue.retransmit,
429 msg_len);
430 if (msg_len <= 0)
431 return;
432
433 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
434 transports) {
435 msg_len = sctp_prsctp_prune_sent(asoc, sinfo,
436 &transport->transmitted,
437 msg_len);
438 if (msg_len <= 0)
439 return;
440 }
441
442 sctp_prsctp_prune_unsent(asoc, sinfo, msg_len);
443 }
444
445 /* Mark all the eligible packets on a transport for retransmission. */
sctp_retransmit_mark(struct sctp_outq * q,struct sctp_transport * transport,__u8 reason)446 void sctp_retransmit_mark(struct sctp_outq *q,
447 struct sctp_transport *transport,
448 __u8 reason)
449 {
450 struct list_head *lchunk, *ltemp;
451 struct sctp_chunk *chunk;
452
453 /* Walk through the specified transmitted queue. */
454 list_for_each_safe(lchunk, ltemp, &transport->transmitted) {
455 chunk = list_entry(lchunk, struct sctp_chunk,
456 transmitted_list);
457
458 /* If the chunk is abandoned, move it to abandoned list. */
459 if (sctp_chunk_abandoned(chunk)) {
460 list_del_init(lchunk);
461 sctp_insert_list(&q->abandoned, lchunk);
462
463 /* If this chunk has not been previousely acked,
464 * stop considering it 'outstanding'. Our peer
465 * will most likely never see it since it will
466 * not be retransmitted
467 */
468 if (!chunk->tsn_gap_acked) {
469 if (chunk->transport)
470 chunk->transport->flight_size -=
471 sctp_data_size(chunk);
472 q->outstanding_bytes -= sctp_data_size(chunk);
473 q->asoc->peer.rwnd += sctp_data_size(chunk);
474 }
475 continue;
476 }
477
478 /* If we are doing retransmission due to a timeout or pmtu
479 * discovery, only the chunks that are not yet acked should
480 * be added to the retransmit queue.
481 */
482 if ((reason == SCTP_RTXR_FAST_RTX &&
483 (chunk->fast_retransmit == SCTP_NEED_FRTX)) ||
484 (reason != SCTP_RTXR_FAST_RTX && !chunk->tsn_gap_acked)) {
485 /* RFC 2960 6.2.1 Processing a Received SACK
486 *
487 * C) Any time a DATA chunk is marked for
488 * retransmission (via either T3-rtx timer expiration
489 * (Section 6.3.3) or via fast retransmit
490 * (Section 7.2.4)), add the data size of those
491 * chunks to the rwnd.
492 */
493 q->asoc->peer.rwnd += sctp_data_size(chunk);
494 q->outstanding_bytes -= sctp_data_size(chunk);
495 if (chunk->transport)
496 transport->flight_size -= sctp_data_size(chunk);
497
498 /* sctpimpguide-05 Section 2.8.2
499 * M5) If a T3-rtx timer expires, the
500 * 'TSN.Missing.Report' of all affected TSNs is set
501 * to 0.
502 */
503 chunk->tsn_missing_report = 0;
504
505 /* If a chunk that is being used for RTT measurement
506 * has to be retransmitted, we cannot use this chunk
507 * anymore for RTT measurements. Reset rto_pending so
508 * that a new RTT measurement is started when a new
509 * data chunk is sent.
510 */
511 if (chunk->rtt_in_progress) {
512 chunk->rtt_in_progress = 0;
513 transport->rto_pending = 0;
514 }
515
516 /* Move the chunk to the retransmit queue. The chunks
517 * on the retransmit queue are always kept in order.
518 */
519 list_del_init(lchunk);
520 sctp_insert_list(&q->retransmit, lchunk);
521 }
522 }
523
524 pr_debug("%s: transport:%p, reason:%d, cwnd:%d, ssthresh:%d, "
525 "flight_size:%d, pba:%d\n", __func__, transport, reason,
526 transport->cwnd, transport->ssthresh, transport->flight_size,
527 transport->partial_bytes_acked);
528 }
529
530 /* Mark all the eligible packets on a transport for retransmission and force
531 * one packet out.
532 */
sctp_retransmit(struct sctp_outq * q,struct sctp_transport * transport,enum sctp_retransmit_reason reason)533 void sctp_retransmit(struct sctp_outq *q, struct sctp_transport *transport,
534 enum sctp_retransmit_reason reason)
535 {
536 struct net *net = sock_net(q->asoc->base.sk);
537
538 switch (reason) {
539 case SCTP_RTXR_T3_RTX:
540 SCTP_INC_STATS(net, SCTP_MIB_T3_RETRANSMITS);
541 sctp_transport_lower_cwnd(transport, SCTP_LOWER_CWND_T3_RTX);
542 /* Update the retran path if the T3-rtx timer has expired for
543 * the current retran path.
544 */
545 if (transport == transport->asoc->peer.retran_path)
546 sctp_assoc_update_retran_path(transport->asoc);
547 transport->asoc->rtx_data_chunks +=
548 transport->asoc->unack_data;
549 break;
550 case SCTP_RTXR_FAST_RTX:
551 SCTP_INC_STATS(net, SCTP_MIB_FAST_RETRANSMITS);
552 sctp_transport_lower_cwnd(transport, SCTP_LOWER_CWND_FAST_RTX);
553 q->fast_rtx = 1;
554 break;
555 case SCTP_RTXR_PMTUD:
556 SCTP_INC_STATS(net, SCTP_MIB_PMTUD_RETRANSMITS);
557 break;
558 case SCTP_RTXR_T1_RTX:
559 SCTP_INC_STATS(net, SCTP_MIB_T1_RETRANSMITS);
560 transport->asoc->init_retries++;
561 break;
562 default:
563 BUG();
564 }
565
566 sctp_retransmit_mark(q, transport, reason);
567
568 /* PR-SCTP A5) Any time the T3-rtx timer expires, on any destination,
569 * the sender SHOULD try to advance the "Advanced.Peer.Ack.Point" by
570 * following the procedures outlined in C1 - C5.
571 */
572 if (reason == SCTP_RTXR_T3_RTX)
573 q->asoc->stream.si->generate_ftsn(q, q->asoc->ctsn_ack_point);
574
575 /* Flush the queues only on timeout, since fast_rtx is only
576 * triggered during sack processing and the queue
577 * will be flushed at the end.
578 */
579 if (reason != SCTP_RTXR_FAST_RTX)
580 sctp_outq_flush(q, /* rtx_timeout */ 1, GFP_ATOMIC);
581 }
582
583 /*
584 * Transmit DATA chunks on the retransmit queue. Upon return from
585 * __sctp_outq_flush_rtx() the packet 'pkt' may contain chunks which
586 * need to be transmitted by the caller.
587 * We assume that pkt->transport has already been set.
588 *
589 * The return value is a normal kernel error return value.
590 */
__sctp_outq_flush_rtx(struct sctp_outq * q,struct sctp_packet * pkt,int rtx_timeout,int * start_timer,gfp_t gfp)591 static int __sctp_outq_flush_rtx(struct sctp_outq *q, struct sctp_packet *pkt,
592 int rtx_timeout, int *start_timer, gfp_t gfp)
593 {
594 struct sctp_transport *transport = pkt->transport;
595 struct sctp_chunk *chunk, *chunk1;
596 struct list_head *lqueue;
597 enum sctp_xmit status;
598 int error = 0;
599 int timer = 0;
600 int done = 0;
601 int fast_rtx;
602
603 lqueue = &q->retransmit;
604 fast_rtx = q->fast_rtx;
605
606 /* This loop handles time-out retransmissions, fast retransmissions,
607 * and retransmissions due to opening of whindow.
608 *
609 * RFC 2960 6.3.3 Handle T3-rtx Expiration
610 *
611 * E3) Determine how many of the earliest (i.e., lowest TSN)
612 * outstanding DATA chunks for the address for which the
613 * T3-rtx has expired will fit into a single packet, subject
614 * to the MTU constraint for the path corresponding to the
615 * destination transport address to which the retransmission
616 * is being sent (this may be different from the address for
617 * which the timer expires [see Section 6.4]). Call this value
618 * K. Bundle and retransmit those K DATA chunks in a single
619 * packet to the destination endpoint.
620 *
621 * [Just to be painfully clear, if we are retransmitting
622 * because a timeout just happened, we should send only ONE
623 * packet of retransmitted data.]
624 *
625 * For fast retransmissions we also send only ONE packet. However,
626 * if we are just flushing the queue due to open window, we'll
627 * try to send as much as possible.
628 */
629 list_for_each_entry_safe(chunk, chunk1, lqueue, transmitted_list) {
630 /* If the chunk is abandoned, move it to abandoned list. */
631 if (sctp_chunk_abandoned(chunk)) {
632 list_del_init(&chunk->transmitted_list);
633 sctp_insert_list(&q->abandoned,
634 &chunk->transmitted_list);
635 continue;
636 }
637
638 /* Make sure that Gap Acked TSNs are not retransmitted. A
639 * simple approach is just to move such TSNs out of the
640 * way and into a 'transmitted' queue and skip to the
641 * next chunk.
642 */
643 if (chunk->tsn_gap_acked) {
644 list_move_tail(&chunk->transmitted_list,
645 &transport->transmitted);
646 continue;
647 }
648
649 /* If we are doing fast retransmit, ignore non-fast_rtransmit
650 * chunks
651 */
652 if (fast_rtx && !chunk->fast_retransmit)
653 continue;
654
655 redo:
656 /* Attempt to append this chunk to the packet. */
657 status = sctp_packet_append_chunk(pkt, chunk);
658
659 switch (status) {
660 case SCTP_XMIT_PMTU_FULL:
661 if (!pkt->has_data && !pkt->has_cookie_echo) {
662 /* If this packet did not contain DATA then
663 * retransmission did not happen, so do it
664 * again. We'll ignore the error here since
665 * control chunks are already freed so there
666 * is nothing we can do.
667 */
668 sctp_packet_transmit(pkt, gfp);
669 goto redo;
670 }
671
672 /* Send this packet. */
673 error = sctp_packet_transmit(pkt, gfp);
674
675 /* If we are retransmitting, we should only
676 * send a single packet.
677 * Otherwise, try appending this chunk again.
678 */
679 if (rtx_timeout || fast_rtx)
680 done = 1;
681 else
682 goto redo;
683
684 /* Bundle next chunk in the next round. */
685 break;
686
687 case SCTP_XMIT_RWND_FULL:
688 /* Send this packet. */
689 error = sctp_packet_transmit(pkt, gfp);
690
691 /* Stop sending DATA as there is no more room
692 * at the receiver.
693 */
694 done = 1;
695 break;
696
697 case SCTP_XMIT_DELAY:
698 /* Send this packet. */
699 error = sctp_packet_transmit(pkt, gfp);
700
701 /* Stop sending DATA because of nagle delay. */
702 done = 1;
703 break;
704
705 default:
706 /* The append was successful, so add this chunk to
707 * the transmitted list.
708 */
709 list_move_tail(&chunk->transmitted_list,
710 &transport->transmitted);
711
712 /* Mark the chunk as ineligible for fast retransmit
713 * after it is retransmitted.
714 */
715 if (chunk->fast_retransmit == SCTP_NEED_FRTX)
716 chunk->fast_retransmit = SCTP_DONT_FRTX;
717
718 q->asoc->stats.rtxchunks++;
719 break;
720 }
721
722 /* Set the timer if there were no errors */
723 if (!error && !timer)
724 timer = 1;
725
726 if (done)
727 break;
728 }
729
730 /* If we are here due to a retransmit timeout or a fast
731 * retransmit and if there are any chunks left in the retransmit
732 * queue that could not fit in the PMTU sized packet, they need
733 * to be marked as ineligible for a subsequent fast retransmit.
734 */
735 if (rtx_timeout || fast_rtx) {
736 list_for_each_entry(chunk1, lqueue, transmitted_list) {
737 if (chunk1->fast_retransmit == SCTP_NEED_FRTX)
738 chunk1->fast_retransmit = SCTP_DONT_FRTX;
739 }
740 }
741
742 *start_timer = timer;
743
744 /* Clear fast retransmit hint */
745 if (fast_rtx)
746 q->fast_rtx = 0;
747
748 return error;
749 }
750
751 /* Cork the outqueue so queued chunks are really queued. */
sctp_outq_uncork(struct sctp_outq * q,gfp_t gfp)752 void sctp_outq_uncork(struct sctp_outq *q, gfp_t gfp)
753 {
754 if (q->cork)
755 q->cork = 0;
756
757 sctp_outq_flush(q, 0, gfp);
758 }
759
sctp_packet_singleton(struct sctp_transport * transport,struct sctp_chunk * chunk,gfp_t gfp)760 static int sctp_packet_singleton(struct sctp_transport *transport,
761 struct sctp_chunk *chunk, gfp_t gfp)
762 {
763 const struct sctp_association *asoc = transport->asoc;
764 const __u16 sport = asoc->base.bind_addr.port;
765 const __u16 dport = asoc->peer.port;
766 const __u32 vtag = asoc->peer.i.init_tag;
767 struct sctp_packet singleton;
768
769 sctp_packet_init(&singleton, transport, sport, dport);
770 sctp_packet_config(&singleton, vtag, 0);
771 sctp_packet_append_chunk(&singleton, chunk);
772 return sctp_packet_transmit(&singleton, gfp);
773 }
774
775 /* Struct to hold the context during sctp outq flush */
776 struct sctp_flush_ctx {
777 struct sctp_outq *q;
778 /* Current transport being used. It's NOT the same as curr active one */
779 struct sctp_transport *transport;
780 /* These transports have chunks to send. */
781 struct list_head transport_list;
782 struct sctp_association *asoc;
783 /* Packet on the current transport above */
784 struct sctp_packet *packet;
785 gfp_t gfp;
786 };
787
788 /* transport: current transport */
sctp_outq_select_transport(struct sctp_flush_ctx * ctx,struct sctp_chunk * chunk)789 static void sctp_outq_select_transport(struct sctp_flush_ctx *ctx,
790 struct sctp_chunk *chunk)
791 {
792 struct sctp_transport *new_transport = chunk->transport;
793
794 if (!new_transport) {
795 if (!sctp_chunk_is_data(chunk)) {
796 /* If we have a prior transport pointer, see if
797 * the destination address of the chunk
798 * matches the destination address of the
799 * current transport. If not a match, then
800 * try to look up the transport with a given
801 * destination address. We do this because
802 * after processing ASCONFs, we may have new
803 * transports created.
804 */
805 if (ctx->transport && sctp_cmp_addr_exact(&chunk->dest,
806 &ctx->transport->ipaddr))
807 new_transport = ctx->transport;
808 else
809 new_transport = sctp_assoc_lookup_paddr(ctx->asoc,
810 &chunk->dest);
811 }
812
813 /* if we still don't have a new transport, then
814 * use the current active path.
815 */
816 if (!new_transport)
817 new_transport = ctx->asoc->peer.active_path;
818 } else {
819 __u8 type;
820
821 switch (new_transport->state) {
822 case SCTP_INACTIVE:
823 case SCTP_UNCONFIRMED:
824 case SCTP_PF:
825 /* If the chunk is Heartbeat or Heartbeat Ack,
826 * send it to chunk->transport, even if it's
827 * inactive.
828 *
829 * 3.3.6 Heartbeat Acknowledgement:
830 * ...
831 * A HEARTBEAT ACK is always sent to the source IP
832 * address of the IP datagram containing the
833 * HEARTBEAT chunk to which this ack is responding.
834 * ...
835 *
836 * ASCONF_ACKs also must be sent to the source.
837 */
838 type = chunk->chunk_hdr->type;
839 if (type != SCTP_CID_HEARTBEAT &&
840 type != SCTP_CID_HEARTBEAT_ACK &&
841 type != SCTP_CID_ASCONF_ACK)
842 new_transport = ctx->asoc->peer.active_path;
843 break;
844 default:
845 break;
846 }
847 }
848
849 /* Are we switching transports? Take care of transport locks. */
850 if (new_transport != ctx->transport) {
851 ctx->transport = new_transport;
852 ctx->packet = &ctx->transport->packet;
853
854 if (list_empty(&ctx->transport->send_ready))
855 list_add_tail(&ctx->transport->send_ready,
856 &ctx->transport_list);
857
858 sctp_packet_config(ctx->packet,
859 ctx->asoc->peer.i.init_tag,
860 ctx->asoc->peer.ecn_capable);
861 /* We've switched transports, so apply the
862 * Burst limit to the new transport.
863 */
864 sctp_transport_burst_limited(ctx->transport);
865 }
866 }
867
sctp_outq_flush_ctrl(struct sctp_flush_ctx * ctx)868 static void sctp_outq_flush_ctrl(struct sctp_flush_ctx *ctx)
869 {
870 struct sctp_chunk *chunk, *tmp;
871 enum sctp_xmit status;
872 int one_packet, error;
873
874 list_for_each_entry_safe(chunk, tmp, &ctx->q->control_chunk_list, list) {
875 one_packet = 0;
876
877 /* RFC 5061, 5.3
878 * F1) This means that until such time as the ASCONF
879 * containing the add is acknowledged, the sender MUST
880 * NOT use the new IP address as a source for ANY SCTP
881 * packet except on carrying an ASCONF Chunk.
882 */
883 if (ctx->asoc->src_out_of_asoc_ok &&
884 chunk->chunk_hdr->type != SCTP_CID_ASCONF)
885 continue;
886
887 list_del_init(&chunk->list);
888
889 /* Pick the right transport to use. Should always be true for
890 * the first chunk as we don't have a transport by then.
891 */
892 sctp_outq_select_transport(ctx, chunk);
893
894 switch (chunk->chunk_hdr->type) {
895 /* 6.10 Bundling
896 * ...
897 * An endpoint MUST NOT bundle INIT, INIT ACK or SHUTDOWN
898 * COMPLETE with any other chunks. [Send them immediately.]
899 */
900 case SCTP_CID_INIT:
901 case SCTP_CID_INIT_ACK:
902 case SCTP_CID_SHUTDOWN_COMPLETE:
903 error = sctp_packet_singleton(ctx->transport, chunk,
904 ctx->gfp);
905 if (error < 0) {
906 ctx->asoc->base.sk->sk_err = -error;
907 return;
908 }
909 break;
910
911 case SCTP_CID_ABORT:
912 if (sctp_test_T_bit(chunk))
913 ctx->packet->vtag = ctx->asoc->c.my_vtag;
914 /* fallthru */
915
916 /* The following chunks are "response" chunks, i.e.
917 * they are generated in response to something we
918 * received. If we are sending these, then we can
919 * send only 1 packet containing these chunks.
920 */
921 case SCTP_CID_HEARTBEAT_ACK:
922 case SCTP_CID_SHUTDOWN_ACK:
923 case SCTP_CID_COOKIE_ACK:
924 case SCTP_CID_COOKIE_ECHO:
925 case SCTP_CID_ERROR:
926 case SCTP_CID_ECN_CWR:
927 case SCTP_CID_ASCONF_ACK:
928 one_packet = 1;
929 /* Fall through */
930
931 case SCTP_CID_SACK:
932 case SCTP_CID_HEARTBEAT:
933 case SCTP_CID_SHUTDOWN:
934 case SCTP_CID_ECN_ECNE:
935 case SCTP_CID_ASCONF:
936 case SCTP_CID_FWD_TSN:
937 case SCTP_CID_I_FWD_TSN:
938 case SCTP_CID_RECONF:
939 status = sctp_packet_transmit_chunk(ctx->packet, chunk,
940 one_packet, ctx->gfp);
941 if (status != SCTP_XMIT_OK) {
942 /* put the chunk back */
943 list_add(&chunk->list, &ctx->q->control_chunk_list);
944 break;
945 }
946
947 ctx->asoc->stats.octrlchunks++;
948 /* PR-SCTP C5) If a FORWARD TSN is sent, the
949 * sender MUST assure that at least one T3-rtx
950 * timer is running.
951 */
952 if (chunk->chunk_hdr->type == SCTP_CID_FWD_TSN ||
953 chunk->chunk_hdr->type == SCTP_CID_I_FWD_TSN) {
954 sctp_transport_reset_t3_rtx(ctx->transport);
955 ctx->transport->last_time_sent = jiffies;
956 }
957
958 if (chunk == ctx->asoc->strreset_chunk)
959 sctp_transport_reset_reconf_timer(ctx->transport);
960
961 break;
962
963 default:
964 /* We built a chunk with an illegal type! */
965 BUG();
966 }
967 }
968 }
969
970 /* Returns false if new data shouldn't be sent */
sctp_outq_flush_rtx(struct sctp_flush_ctx * ctx,int rtx_timeout)971 static bool sctp_outq_flush_rtx(struct sctp_flush_ctx *ctx,
972 int rtx_timeout)
973 {
974 int error, start_timer = 0;
975
976 if (ctx->asoc->peer.retran_path->state == SCTP_UNCONFIRMED)
977 return false;
978
979 if (ctx->transport != ctx->asoc->peer.retran_path) {
980 /* Switch transports & prepare the packet. */
981 ctx->transport = ctx->asoc->peer.retran_path;
982 ctx->packet = &ctx->transport->packet;
983
984 if (list_empty(&ctx->transport->send_ready))
985 list_add_tail(&ctx->transport->send_ready,
986 &ctx->transport_list);
987
988 sctp_packet_config(ctx->packet, ctx->asoc->peer.i.init_tag,
989 ctx->asoc->peer.ecn_capable);
990 }
991
992 error = __sctp_outq_flush_rtx(ctx->q, ctx->packet, rtx_timeout,
993 &start_timer, ctx->gfp);
994 if (error < 0)
995 ctx->asoc->base.sk->sk_err = -error;
996
997 if (start_timer) {
998 sctp_transport_reset_t3_rtx(ctx->transport);
999 ctx->transport->last_time_sent = jiffies;
1000 }
1001
1002 /* This can happen on COOKIE-ECHO resend. Only
1003 * one chunk can get bundled with a COOKIE-ECHO.
1004 */
1005 if (ctx->packet->has_cookie_echo)
1006 return false;
1007
1008 /* Don't send new data if there is still data
1009 * waiting to retransmit.
1010 */
1011 if (!list_empty(&ctx->q->retransmit))
1012 return false;
1013
1014 return true;
1015 }
1016
sctp_outq_flush_data(struct sctp_flush_ctx * ctx,int rtx_timeout)1017 static void sctp_outq_flush_data(struct sctp_flush_ctx *ctx,
1018 int rtx_timeout)
1019 {
1020 struct sctp_chunk *chunk;
1021 enum sctp_xmit status;
1022
1023 /* Is it OK to send data chunks? */
1024 switch (ctx->asoc->state) {
1025 case SCTP_STATE_COOKIE_ECHOED:
1026 /* Only allow bundling when this packet has a COOKIE-ECHO
1027 * chunk.
1028 */
1029 if (!ctx->packet || !ctx->packet->has_cookie_echo)
1030 return;
1031
1032 /* fall through */
1033 case SCTP_STATE_ESTABLISHED:
1034 case SCTP_STATE_SHUTDOWN_PENDING:
1035 case SCTP_STATE_SHUTDOWN_RECEIVED:
1036 break;
1037
1038 default:
1039 /* Do nothing. */
1040 return;
1041 }
1042
1043 /* RFC 2960 6.1 Transmission of DATA Chunks
1044 *
1045 * C) When the time comes for the sender to transmit,
1046 * before sending new DATA chunks, the sender MUST
1047 * first transmit any outstanding DATA chunks which
1048 * are marked for retransmission (limited by the
1049 * current cwnd).
1050 */
1051 if (!list_empty(&ctx->q->retransmit) &&
1052 !sctp_outq_flush_rtx(ctx, rtx_timeout))
1053 return;
1054
1055 /* Apply Max.Burst limitation to the current transport in
1056 * case it will be used for new data. We are going to
1057 * rest it before we return, but we want to apply the limit
1058 * to the currently queued data.
1059 */
1060 if (ctx->transport)
1061 sctp_transport_burst_limited(ctx->transport);
1062
1063 /* Finally, transmit new packets. */
1064 while ((chunk = sctp_outq_dequeue_data(ctx->q)) != NULL) {
1065 __u32 sid = ntohs(chunk->subh.data_hdr->stream);
1066 __u8 stream_state = SCTP_SO(&ctx->asoc->stream, sid)->state;
1067
1068 /* Has this chunk expired? */
1069 if (sctp_chunk_abandoned(chunk)) {
1070 sctp_sched_dequeue_done(ctx->q, chunk);
1071 sctp_chunk_fail(chunk, 0);
1072 sctp_chunk_free(chunk);
1073 continue;
1074 }
1075
1076 if (stream_state == SCTP_STREAM_CLOSED) {
1077 sctp_outq_head_data(ctx->q, chunk);
1078 break;
1079 }
1080
1081 sctp_outq_select_transport(ctx, chunk);
1082
1083 pr_debug("%s: outq:%p, chunk:%p[%s], tx-tsn:0x%x skb->head:%p skb->users:%d\n",
1084 __func__, ctx->q, chunk, chunk && chunk->chunk_hdr ?
1085 sctp_cname(SCTP_ST_CHUNK(chunk->chunk_hdr->type)) :
1086 "illegal chunk", ntohl(chunk->subh.data_hdr->tsn),
1087 chunk->skb ? chunk->skb->head : NULL, chunk->skb ?
1088 refcount_read(&chunk->skb->users) : -1);
1089
1090 /* Add the chunk to the packet. */
1091 status = sctp_packet_transmit_chunk(ctx->packet, chunk, 0,
1092 ctx->gfp);
1093 if (status != SCTP_XMIT_OK) {
1094 /* We could not append this chunk, so put
1095 * the chunk back on the output queue.
1096 */
1097 pr_debug("%s: could not transmit tsn:0x%x, status:%d\n",
1098 __func__, ntohl(chunk->subh.data_hdr->tsn),
1099 status);
1100
1101 sctp_outq_head_data(ctx->q, chunk);
1102 break;
1103 }
1104
1105 /* The sender is in the SHUTDOWN-PENDING state,
1106 * The sender MAY set the I-bit in the DATA
1107 * chunk header.
1108 */
1109 if (ctx->asoc->state == SCTP_STATE_SHUTDOWN_PENDING)
1110 chunk->chunk_hdr->flags |= SCTP_DATA_SACK_IMM;
1111 if (chunk->chunk_hdr->flags & SCTP_DATA_UNORDERED)
1112 ctx->asoc->stats.ouodchunks++;
1113 else
1114 ctx->asoc->stats.oodchunks++;
1115
1116 /* Only now it's safe to consider this
1117 * chunk as sent, sched-wise.
1118 */
1119 sctp_sched_dequeue_done(ctx->q, chunk);
1120
1121 list_add_tail(&chunk->transmitted_list,
1122 &ctx->transport->transmitted);
1123
1124 sctp_transport_reset_t3_rtx(ctx->transport);
1125 ctx->transport->last_time_sent = jiffies;
1126
1127 /* Only let one DATA chunk get bundled with a
1128 * COOKIE-ECHO chunk.
1129 */
1130 if (ctx->packet->has_cookie_echo)
1131 break;
1132 }
1133 }
1134
sctp_outq_flush_transports(struct sctp_flush_ctx * ctx)1135 static void sctp_outq_flush_transports(struct sctp_flush_ctx *ctx)
1136 {
1137 struct list_head *ltransport;
1138 struct sctp_packet *packet;
1139 struct sctp_transport *t;
1140 int error = 0;
1141
1142 while ((ltransport = sctp_list_dequeue(&ctx->transport_list)) != NULL) {
1143 t = list_entry(ltransport, struct sctp_transport, send_ready);
1144 packet = &t->packet;
1145 if (!sctp_packet_empty(packet)) {
1146 error = sctp_packet_transmit(packet, ctx->gfp);
1147 if (error < 0)
1148 ctx->q->asoc->base.sk->sk_err = -error;
1149 }
1150
1151 /* Clear the burst limited state, if any */
1152 sctp_transport_burst_reset(t);
1153 }
1154 }
1155
1156 /* Try to flush an outqueue.
1157 *
1158 * Description: Send everything in q which we legally can, subject to
1159 * congestion limitations.
1160 * * Note: This function can be called from multiple contexts so appropriate
1161 * locking concerns must be made. Today we use the sock lock to protect
1162 * this function.
1163 */
1164
sctp_outq_flush(struct sctp_outq * q,int rtx_timeout,gfp_t gfp)1165 static void sctp_outq_flush(struct sctp_outq *q, int rtx_timeout, gfp_t gfp)
1166 {
1167 struct sctp_flush_ctx ctx = {
1168 .q = q,
1169 .transport = NULL,
1170 .transport_list = LIST_HEAD_INIT(ctx.transport_list),
1171 .asoc = q->asoc,
1172 .packet = NULL,
1173 .gfp = gfp,
1174 };
1175
1176 /* 6.10 Bundling
1177 * ...
1178 * When bundling control chunks with DATA chunks, an
1179 * endpoint MUST place control chunks first in the outbound
1180 * SCTP packet. The transmitter MUST transmit DATA chunks
1181 * within a SCTP packet in increasing order of TSN.
1182 * ...
1183 */
1184
1185 sctp_outq_flush_ctrl(&ctx);
1186
1187 if (q->asoc->src_out_of_asoc_ok)
1188 goto sctp_flush_out;
1189
1190 sctp_outq_flush_data(&ctx, rtx_timeout);
1191
1192 sctp_flush_out:
1193
1194 sctp_outq_flush_transports(&ctx);
1195 }
1196
1197 /* Update unack_data based on the incoming SACK chunk */
sctp_sack_update_unack_data(struct sctp_association * assoc,struct sctp_sackhdr * sack)1198 static void sctp_sack_update_unack_data(struct sctp_association *assoc,
1199 struct sctp_sackhdr *sack)
1200 {
1201 union sctp_sack_variable *frags;
1202 __u16 unack_data;
1203 int i;
1204
1205 unack_data = assoc->next_tsn - assoc->ctsn_ack_point - 1;
1206
1207 frags = sack->variable;
1208 for (i = 0; i < ntohs(sack->num_gap_ack_blocks); i++) {
1209 unack_data -= ((ntohs(frags[i].gab.end) -
1210 ntohs(frags[i].gab.start) + 1));
1211 }
1212
1213 assoc->unack_data = unack_data;
1214 }
1215
1216 /* This is where we REALLY process a SACK.
1217 *
1218 * Process the SACK against the outqueue. Mostly, this just frees
1219 * things off the transmitted queue.
1220 */
sctp_outq_sack(struct sctp_outq * q,struct sctp_chunk * chunk)1221 int sctp_outq_sack(struct sctp_outq *q, struct sctp_chunk *chunk)
1222 {
1223 struct sctp_association *asoc = q->asoc;
1224 struct sctp_sackhdr *sack = chunk->subh.sack_hdr;
1225 struct sctp_transport *transport;
1226 struct sctp_chunk *tchunk = NULL;
1227 struct list_head *lchunk, *transport_list, *temp;
1228 union sctp_sack_variable *frags = sack->variable;
1229 __u32 sack_ctsn, ctsn, tsn;
1230 __u32 highest_tsn, highest_new_tsn;
1231 __u32 sack_a_rwnd;
1232 unsigned int outstanding;
1233 struct sctp_transport *primary = asoc->peer.primary_path;
1234 int count_of_newacks = 0;
1235 int gap_ack_blocks;
1236 u8 accum_moved = 0;
1237
1238 /* Grab the association's destination address list. */
1239 transport_list = &asoc->peer.transport_addr_list;
1240
1241 sack_ctsn = ntohl(sack->cum_tsn_ack);
1242 gap_ack_blocks = ntohs(sack->num_gap_ack_blocks);
1243 asoc->stats.gapcnt += gap_ack_blocks;
1244 /*
1245 * SFR-CACC algorithm:
1246 * On receipt of a SACK the sender SHOULD execute the
1247 * following statements.
1248 *
1249 * 1) If the cumulative ack in the SACK passes next tsn_at_change
1250 * on the current primary, the CHANGEOVER_ACTIVE flag SHOULD be
1251 * cleared. The CYCLING_CHANGEOVER flag SHOULD also be cleared for
1252 * all destinations.
1253 * 2) If the SACK contains gap acks and the flag CHANGEOVER_ACTIVE
1254 * is set the receiver of the SACK MUST take the following actions:
1255 *
1256 * A) Initialize the cacc_saw_newack to 0 for all destination
1257 * addresses.
1258 *
1259 * Only bother if changeover_active is set. Otherwise, this is
1260 * totally suboptimal to do on every SACK.
1261 */
1262 if (primary->cacc.changeover_active) {
1263 u8 clear_cycling = 0;
1264
1265 if (TSN_lte(primary->cacc.next_tsn_at_change, sack_ctsn)) {
1266 primary->cacc.changeover_active = 0;
1267 clear_cycling = 1;
1268 }
1269
1270 if (clear_cycling || gap_ack_blocks) {
1271 list_for_each_entry(transport, transport_list,
1272 transports) {
1273 if (clear_cycling)
1274 transport->cacc.cycling_changeover = 0;
1275 if (gap_ack_blocks)
1276 transport->cacc.cacc_saw_newack = 0;
1277 }
1278 }
1279 }
1280
1281 /* Get the highest TSN in the sack. */
1282 highest_tsn = sack_ctsn;
1283 if (gap_ack_blocks)
1284 highest_tsn += ntohs(frags[gap_ack_blocks - 1].gab.end);
1285
1286 if (TSN_lt(asoc->highest_sacked, highest_tsn))
1287 asoc->highest_sacked = highest_tsn;
1288
1289 highest_new_tsn = sack_ctsn;
1290
1291 /* Run through the retransmit queue. Credit bytes received
1292 * and free those chunks that we can.
1293 */
1294 sctp_check_transmitted(q, &q->retransmit, NULL, NULL, sack, &highest_new_tsn);
1295
1296 /* Run through the transmitted queue.
1297 * Credit bytes received and free those chunks which we can.
1298 *
1299 * This is a MASSIVE candidate for optimization.
1300 */
1301 list_for_each_entry(transport, transport_list, transports) {
1302 sctp_check_transmitted(q, &transport->transmitted,
1303 transport, &chunk->source, sack,
1304 &highest_new_tsn);
1305 /*
1306 * SFR-CACC algorithm:
1307 * C) Let count_of_newacks be the number of
1308 * destinations for which cacc_saw_newack is set.
1309 */
1310 if (transport->cacc.cacc_saw_newack)
1311 count_of_newacks++;
1312 }
1313
1314 /* Move the Cumulative TSN Ack Point if appropriate. */
1315 if (TSN_lt(asoc->ctsn_ack_point, sack_ctsn)) {
1316 asoc->ctsn_ack_point = sack_ctsn;
1317 accum_moved = 1;
1318 }
1319
1320 if (gap_ack_blocks) {
1321
1322 if (asoc->fast_recovery && accum_moved)
1323 highest_new_tsn = highest_tsn;
1324
1325 list_for_each_entry(transport, transport_list, transports)
1326 sctp_mark_missing(q, &transport->transmitted, transport,
1327 highest_new_tsn, count_of_newacks);
1328 }
1329
1330 /* Update unack_data field in the assoc. */
1331 sctp_sack_update_unack_data(asoc, sack);
1332
1333 ctsn = asoc->ctsn_ack_point;
1334
1335 /* Throw away stuff rotting on the sack queue. */
1336 list_for_each_safe(lchunk, temp, &q->sacked) {
1337 tchunk = list_entry(lchunk, struct sctp_chunk,
1338 transmitted_list);
1339 tsn = ntohl(tchunk->subh.data_hdr->tsn);
1340 if (TSN_lte(tsn, ctsn)) {
1341 list_del_init(&tchunk->transmitted_list);
1342 if (asoc->peer.prsctp_capable &&
1343 SCTP_PR_PRIO_ENABLED(chunk->sinfo.sinfo_flags))
1344 asoc->sent_cnt_removable--;
1345 sctp_chunk_free(tchunk);
1346 }
1347 }
1348
1349 /* ii) Set rwnd equal to the newly received a_rwnd minus the
1350 * number of bytes still outstanding after processing the
1351 * Cumulative TSN Ack and the Gap Ack Blocks.
1352 */
1353
1354 sack_a_rwnd = ntohl(sack->a_rwnd);
1355 asoc->peer.zero_window_announced = !sack_a_rwnd;
1356 outstanding = q->outstanding_bytes;
1357
1358 if (outstanding < sack_a_rwnd)
1359 sack_a_rwnd -= outstanding;
1360 else
1361 sack_a_rwnd = 0;
1362
1363 asoc->peer.rwnd = sack_a_rwnd;
1364
1365 asoc->stream.si->generate_ftsn(q, sack_ctsn);
1366
1367 pr_debug("%s: sack cumulative tsn ack:0x%x\n", __func__, sack_ctsn);
1368 pr_debug("%s: cumulative tsn ack of assoc:%p is 0x%x, "
1369 "advertised peer ack point:0x%x\n", __func__, asoc, ctsn,
1370 asoc->adv_peer_ack_point);
1371
1372 return sctp_outq_is_empty(q);
1373 }
1374
1375 /* Is the outqueue empty?
1376 * The queue is empty when we have not pending data, no in-flight data
1377 * and nothing pending retransmissions.
1378 */
sctp_outq_is_empty(const struct sctp_outq * q)1379 int sctp_outq_is_empty(const struct sctp_outq *q)
1380 {
1381 return q->out_qlen == 0 && q->outstanding_bytes == 0 &&
1382 list_empty(&q->retransmit);
1383 }
1384
1385 /********************************************************************
1386 * 2nd Level Abstractions
1387 ********************************************************************/
1388
1389 /* Go through a transport's transmitted list or the association's retransmit
1390 * list and move chunks that are acked by the Cumulative TSN Ack to q->sacked.
1391 * The retransmit list will not have an associated transport.
1392 *
1393 * I added coherent debug information output. --xguo
1394 *
1395 * Instead of printing 'sacked' or 'kept' for each TSN on the
1396 * transmitted_queue, we print a range: SACKED: TSN1-TSN2, TSN3, TSN4-TSN5.
1397 * KEPT TSN6-TSN7, etc.
1398 */
sctp_check_transmitted(struct sctp_outq * q,struct list_head * transmitted_queue,struct sctp_transport * transport,union sctp_addr * saddr,struct sctp_sackhdr * sack,__u32 * highest_new_tsn_in_sack)1399 static void sctp_check_transmitted(struct sctp_outq *q,
1400 struct list_head *transmitted_queue,
1401 struct sctp_transport *transport,
1402 union sctp_addr *saddr,
1403 struct sctp_sackhdr *sack,
1404 __u32 *highest_new_tsn_in_sack)
1405 {
1406 struct list_head *lchunk;
1407 struct sctp_chunk *tchunk;
1408 struct list_head tlist;
1409 __u32 tsn;
1410 __u32 sack_ctsn;
1411 __u32 rtt;
1412 __u8 restart_timer = 0;
1413 int bytes_acked = 0;
1414 int migrate_bytes = 0;
1415 bool forward_progress = false;
1416
1417 sack_ctsn = ntohl(sack->cum_tsn_ack);
1418
1419 INIT_LIST_HEAD(&tlist);
1420
1421 /* The while loop will skip empty transmitted queues. */
1422 while (NULL != (lchunk = sctp_list_dequeue(transmitted_queue))) {
1423 tchunk = list_entry(lchunk, struct sctp_chunk,
1424 transmitted_list);
1425
1426 if (sctp_chunk_abandoned(tchunk)) {
1427 /* Move the chunk to abandoned list. */
1428 sctp_insert_list(&q->abandoned, lchunk);
1429
1430 /* If this chunk has not been acked, stop
1431 * considering it as 'outstanding'.
1432 */
1433 if (transmitted_queue != &q->retransmit &&
1434 !tchunk->tsn_gap_acked) {
1435 if (tchunk->transport)
1436 tchunk->transport->flight_size -=
1437 sctp_data_size(tchunk);
1438 q->outstanding_bytes -= sctp_data_size(tchunk);
1439 }
1440 continue;
1441 }
1442
1443 tsn = ntohl(tchunk->subh.data_hdr->tsn);
1444 if (sctp_acked(sack, tsn)) {
1445 /* If this queue is the retransmit queue, the
1446 * retransmit timer has already reclaimed
1447 * the outstanding bytes for this chunk, so only
1448 * count bytes associated with a transport.
1449 */
1450 if (transport && !tchunk->tsn_gap_acked) {
1451 /* If this chunk is being used for RTT
1452 * measurement, calculate the RTT and update
1453 * the RTO using this value.
1454 *
1455 * 6.3.1 C5) Karn's algorithm: RTT measurements
1456 * MUST NOT be made using packets that were
1457 * retransmitted (and thus for which it is
1458 * ambiguous whether the reply was for the
1459 * first instance of the packet or a later
1460 * instance).
1461 */
1462 if (!sctp_chunk_retransmitted(tchunk) &&
1463 tchunk->rtt_in_progress) {
1464 tchunk->rtt_in_progress = 0;
1465 rtt = jiffies - tchunk->sent_at;
1466 sctp_transport_update_rto(transport,
1467 rtt);
1468 }
1469
1470 if (TSN_lte(tsn, sack_ctsn)) {
1471 /*
1472 * SFR-CACC algorithm:
1473 * 2) If the SACK contains gap acks
1474 * and the flag CHANGEOVER_ACTIVE is
1475 * set the receiver of the SACK MUST
1476 * take the following action:
1477 *
1478 * B) For each TSN t being acked that
1479 * has not been acked in any SACK so
1480 * far, set cacc_saw_newack to 1 for
1481 * the destination that the TSN was
1482 * sent to.
1483 */
1484 if (sack->num_gap_ack_blocks &&
1485 q->asoc->peer.primary_path->cacc.
1486 changeover_active)
1487 transport->cacc.cacc_saw_newack
1488 = 1;
1489 }
1490 }
1491
1492 /* If the chunk hasn't been marked as ACKED,
1493 * mark it and account bytes_acked if the
1494 * chunk had a valid transport (it will not
1495 * have a transport if ASCONF had deleted it
1496 * while DATA was outstanding).
1497 */
1498 if (!tchunk->tsn_gap_acked) {
1499 tchunk->tsn_gap_acked = 1;
1500 if (TSN_lt(*highest_new_tsn_in_sack, tsn))
1501 *highest_new_tsn_in_sack = tsn;
1502 bytes_acked += sctp_data_size(tchunk);
1503 if (!tchunk->transport)
1504 migrate_bytes += sctp_data_size(tchunk);
1505 forward_progress = true;
1506 }
1507
1508 if (TSN_lte(tsn, sack_ctsn)) {
1509 /* RFC 2960 6.3.2 Retransmission Timer Rules
1510 *
1511 * R3) Whenever a SACK is received
1512 * that acknowledges the DATA chunk
1513 * with the earliest outstanding TSN
1514 * for that address, restart T3-rtx
1515 * timer for that address with its
1516 * current RTO.
1517 */
1518 restart_timer = 1;
1519 forward_progress = true;
1520
1521 list_add_tail(&tchunk->transmitted_list,
1522 &q->sacked);
1523 } else {
1524 /* RFC2960 7.2.4, sctpimpguide-05 2.8.2
1525 * M2) Each time a SACK arrives reporting
1526 * 'Stray DATA chunk(s)' record the highest TSN
1527 * reported as newly acknowledged, call this
1528 * value 'HighestTSNinSack'. A newly
1529 * acknowledged DATA chunk is one not
1530 * previously acknowledged in a SACK.
1531 *
1532 * When the SCTP sender of data receives a SACK
1533 * chunk that acknowledges, for the first time,
1534 * the receipt of a DATA chunk, all the still
1535 * unacknowledged DATA chunks whose TSN is
1536 * older than that newly acknowledged DATA
1537 * chunk, are qualified as 'Stray DATA chunks'.
1538 */
1539 list_add_tail(lchunk, &tlist);
1540 }
1541 } else {
1542 if (tchunk->tsn_gap_acked) {
1543 pr_debug("%s: receiver reneged on data TSN:0x%x\n",
1544 __func__, tsn);
1545
1546 tchunk->tsn_gap_acked = 0;
1547
1548 if (tchunk->transport)
1549 bytes_acked -= sctp_data_size(tchunk);
1550
1551 /* RFC 2960 6.3.2 Retransmission Timer Rules
1552 *
1553 * R4) Whenever a SACK is received missing a
1554 * TSN that was previously acknowledged via a
1555 * Gap Ack Block, start T3-rtx for the
1556 * destination address to which the DATA
1557 * chunk was originally
1558 * transmitted if it is not already running.
1559 */
1560 restart_timer = 1;
1561 }
1562
1563 list_add_tail(lchunk, &tlist);
1564 }
1565 }
1566
1567 if (transport) {
1568 if (bytes_acked) {
1569 struct sctp_association *asoc = transport->asoc;
1570
1571 /* We may have counted DATA that was migrated
1572 * to this transport due to DEL-IP operation.
1573 * Subtract those bytes, since the were never
1574 * send on this transport and shouldn't be
1575 * credited to this transport.
1576 */
1577 bytes_acked -= migrate_bytes;
1578
1579 /* 8.2. When an outstanding TSN is acknowledged,
1580 * the endpoint shall clear the error counter of
1581 * the destination transport address to which the
1582 * DATA chunk was last sent.
1583 * The association's overall error counter is
1584 * also cleared.
1585 */
1586 transport->error_count = 0;
1587 transport->asoc->overall_error_count = 0;
1588 forward_progress = true;
1589
1590 /*
1591 * While in SHUTDOWN PENDING, we may have started
1592 * the T5 shutdown guard timer after reaching the
1593 * retransmission limit. Stop that timer as soon
1594 * as the receiver acknowledged any data.
1595 */
1596 if (asoc->state == SCTP_STATE_SHUTDOWN_PENDING &&
1597 del_timer(&asoc->timers
1598 [SCTP_EVENT_TIMEOUT_T5_SHUTDOWN_GUARD]))
1599 sctp_association_put(asoc);
1600
1601 /* Mark the destination transport address as
1602 * active if it is not so marked.
1603 */
1604 if ((transport->state == SCTP_INACTIVE ||
1605 transport->state == SCTP_UNCONFIRMED) &&
1606 sctp_cmp_addr_exact(&transport->ipaddr, saddr)) {
1607 sctp_assoc_control_transport(
1608 transport->asoc,
1609 transport,
1610 SCTP_TRANSPORT_UP,
1611 SCTP_RECEIVED_SACK);
1612 }
1613
1614 sctp_transport_raise_cwnd(transport, sack_ctsn,
1615 bytes_acked);
1616
1617 transport->flight_size -= bytes_acked;
1618 if (transport->flight_size == 0)
1619 transport->partial_bytes_acked = 0;
1620 q->outstanding_bytes -= bytes_acked + migrate_bytes;
1621 } else {
1622 /* RFC 2960 6.1, sctpimpguide-06 2.15.2
1623 * When a sender is doing zero window probing, it
1624 * should not timeout the association if it continues
1625 * to receive new packets from the receiver. The
1626 * reason is that the receiver MAY keep its window
1627 * closed for an indefinite time.
1628 * A sender is doing zero window probing when the
1629 * receiver's advertised window is zero, and there is
1630 * only one data chunk in flight to the receiver.
1631 *
1632 * Allow the association to timeout while in SHUTDOWN
1633 * PENDING or SHUTDOWN RECEIVED in case the receiver
1634 * stays in zero window mode forever.
1635 */
1636 if (!q->asoc->peer.rwnd &&
1637 !list_empty(&tlist) &&
1638 (sack_ctsn+2 == q->asoc->next_tsn) &&
1639 q->asoc->state < SCTP_STATE_SHUTDOWN_PENDING) {
1640 pr_debug("%s: sack received for zero window "
1641 "probe:%u\n", __func__, sack_ctsn);
1642
1643 q->asoc->overall_error_count = 0;
1644 transport->error_count = 0;
1645 }
1646 }
1647
1648 /* RFC 2960 6.3.2 Retransmission Timer Rules
1649 *
1650 * R2) Whenever all outstanding data sent to an address have
1651 * been acknowledged, turn off the T3-rtx timer of that
1652 * address.
1653 */
1654 if (!transport->flight_size) {
1655 if (del_timer(&transport->T3_rtx_timer))
1656 sctp_transport_put(transport);
1657 } else if (restart_timer) {
1658 if (!mod_timer(&transport->T3_rtx_timer,
1659 jiffies + transport->rto))
1660 sctp_transport_hold(transport);
1661 }
1662
1663 if (forward_progress) {
1664 if (transport->dst)
1665 sctp_transport_dst_confirm(transport);
1666 }
1667 }
1668
1669 list_splice(&tlist, transmitted_queue);
1670 }
1671
1672 /* Mark chunks as missing and consequently may get retransmitted. */
sctp_mark_missing(struct sctp_outq * q,struct list_head * transmitted_queue,struct sctp_transport * transport,__u32 highest_new_tsn_in_sack,int count_of_newacks)1673 static void sctp_mark_missing(struct sctp_outq *q,
1674 struct list_head *transmitted_queue,
1675 struct sctp_transport *transport,
1676 __u32 highest_new_tsn_in_sack,
1677 int count_of_newacks)
1678 {
1679 struct sctp_chunk *chunk;
1680 __u32 tsn;
1681 char do_fast_retransmit = 0;
1682 struct sctp_association *asoc = q->asoc;
1683 struct sctp_transport *primary = asoc->peer.primary_path;
1684
1685 list_for_each_entry(chunk, transmitted_queue, transmitted_list) {
1686
1687 tsn = ntohl(chunk->subh.data_hdr->tsn);
1688
1689 /* RFC 2960 7.2.4, sctpimpguide-05 2.8.2 M3) Examine all
1690 * 'Unacknowledged TSN's', if the TSN number of an
1691 * 'Unacknowledged TSN' is smaller than the 'HighestTSNinSack'
1692 * value, increment the 'TSN.Missing.Report' count on that
1693 * chunk if it has NOT been fast retransmitted or marked for
1694 * fast retransmit already.
1695 */
1696 if (chunk->fast_retransmit == SCTP_CAN_FRTX &&
1697 !chunk->tsn_gap_acked &&
1698 TSN_lt(tsn, highest_new_tsn_in_sack)) {
1699
1700 /* SFR-CACC may require us to skip marking
1701 * this chunk as missing.
1702 */
1703 if (!transport || !sctp_cacc_skip(primary,
1704 chunk->transport,
1705 count_of_newacks, tsn)) {
1706 chunk->tsn_missing_report++;
1707
1708 pr_debug("%s: tsn:0x%x missing counter:%d\n",
1709 __func__, tsn, chunk->tsn_missing_report);
1710 }
1711 }
1712 /*
1713 * M4) If any DATA chunk is found to have a
1714 * 'TSN.Missing.Report'
1715 * value larger than or equal to 3, mark that chunk for
1716 * retransmission and start the fast retransmit procedure.
1717 */
1718
1719 if (chunk->tsn_missing_report >= 3) {
1720 chunk->fast_retransmit = SCTP_NEED_FRTX;
1721 do_fast_retransmit = 1;
1722 }
1723 }
1724
1725 if (transport) {
1726 if (do_fast_retransmit)
1727 sctp_retransmit(q, transport, SCTP_RTXR_FAST_RTX);
1728
1729 pr_debug("%s: transport:%p, cwnd:%d, ssthresh:%d, "
1730 "flight_size:%d, pba:%d\n", __func__, transport,
1731 transport->cwnd, transport->ssthresh,
1732 transport->flight_size, transport->partial_bytes_acked);
1733 }
1734 }
1735
1736 /* Is the given TSN acked by this packet? */
sctp_acked(struct sctp_sackhdr * sack,__u32 tsn)1737 static int sctp_acked(struct sctp_sackhdr *sack, __u32 tsn)
1738 {
1739 __u32 ctsn = ntohl(sack->cum_tsn_ack);
1740 union sctp_sack_variable *frags;
1741 __u16 tsn_offset, blocks;
1742 int i;
1743
1744 if (TSN_lte(tsn, ctsn))
1745 goto pass;
1746
1747 /* 3.3.4 Selective Acknowledgment (SACK) (3):
1748 *
1749 * Gap Ack Blocks:
1750 * These fields contain the Gap Ack Blocks. They are repeated
1751 * for each Gap Ack Block up to the number of Gap Ack Blocks
1752 * defined in the Number of Gap Ack Blocks field. All DATA
1753 * chunks with TSNs greater than or equal to (Cumulative TSN
1754 * Ack + Gap Ack Block Start) and less than or equal to
1755 * (Cumulative TSN Ack + Gap Ack Block End) of each Gap Ack
1756 * Block are assumed to have been received correctly.
1757 */
1758
1759 frags = sack->variable;
1760 blocks = ntohs(sack->num_gap_ack_blocks);
1761 tsn_offset = tsn - ctsn;
1762 for (i = 0; i < blocks; ++i) {
1763 if (tsn_offset >= ntohs(frags[i].gab.start) &&
1764 tsn_offset <= ntohs(frags[i].gab.end))
1765 goto pass;
1766 }
1767
1768 return 0;
1769 pass:
1770 return 1;
1771 }
1772
sctp_get_skip_pos(struct sctp_fwdtsn_skip * skiplist,int nskips,__be16 stream)1773 static inline int sctp_get_skip_pos(struct sctp_fwdtsn_skip *skiplist,
1774 int nskips, __be16 stream)
1775 {
1776 int i;
1777
1778 for (i = 0; i < nskips; i++) {
1779 if (skiplist[i].stream == stream)
1780 return i;
1781 }
1782 return i;
1783 }
1784
1785 /* Create and add a fwdtsn chunk to the outq's control queue if needed. */
sctp_generate_fwdtsn(struct sctp_outq * q,__u32 ctsn)1786 void sctp_generate_fwdtsn(struct sctp_outq *q, __u32 ctsn)
1787 {
1788 struct sctp_association *asoc = q->asoc;
1789 struct sctp_chunk *ftsn_chunk = NULL;
1790 struct sctp_fwdtsn_skip ftsn_skip_arr[10];
1791 int nskips = 0;
1792 int skip_pos = 0;
1793 __u32 tsn;
1794 struct sctp_chunk *chunk;
1795 struct list_head *lchunk, *temp;
1796
1797 if (!asoc->peer.prsctp_capable)
1798 return;
1799
1800 /* PR-SCTP C1) Let SackCumAck be the Cumulative TSN ACK carried in the
1801 * received SACK.
1802 *
1803 * If (Advanced.Peer.Ack.Point < SackCumAck), then update
1804 * Advanced.Peer.Ack.Point to be equal to SackCumAck.
1805 */
1806 if (TSN_lt(asoc->adv_peer_ack_point, ctsn))
1807 asoc->adv_peer_ack_point = ctsn;
1808
1809 /* PR-SCTP C2) Try to further advance the "Advanced.Peer.Ack.Point"
1810 * locally, that is, to move "Advanced.Peer.Ack.Point" up as long as
1811 * the chunk next in the out-queue space is marked as "abandoned" as
1812 * shown in the following example:
1813 *
1814 * Assuming that a SACK arrived with the Cumulative TSN ACK 102
1815 * and the Advanced.Peer.Ack.Point is updated to this value:
1816 *
1817 * out-queue at the end of ==> out-queue after Adv.Ack.Point
1818 * normal SACK processing local advancement
1819 * ... ...
1820 * Adv.Ack.Pt-> 102 acked 102 acked
1821 * 103 abandoned 103 abandoned
1822 * 104 abandoned Adv.Ack.P-> 104 abandoned
1823 * 105 105
1824 * 106 acked 106 acked
1825 * ... ...
1826 *
1827 * In this example, the data sender successfully advanced the
1828 * "Advanced.Peer.Ack.Point" from 102 to 104 locally.
1829 */
1830 list_for_each_safe(lchunk, temp, &q->abandoned) {
1831 chunk = list_entry(lchunk, struct sctp_chunk,
1832 transmitted_list);
1833 tsn = ntohl(chunk->subh.data_hdr->tsn);
1834
1835 /* Remove any chunks in the abandoned queue that are acked by
1836 * the ctsn.
1837 */
1838 if (TSN_lte(tsn, ctsn)) {
1839 list_del_init(lchunk);
1840 sctp_chunk_free(chunk);
1841 } else {
1842 if (TSN_lte(tsn, asoc->adv_peer_ack_point+1)) {
1843 asoc->adv_peer_ack_point = tsn;
1844 if (chunk->chunk_hdr->flags &
1845 SCTP_DATA_UNORDERED)
1846 continue;
1847 skip_pos = sctp_get_skip_pos(&ftsn_skip_arr[0],
1848 nskips,
1849 chunk->subh.data_hdr->stream);
1850 ftsn_skip_arr[skip_pos].stream =
1851 chunk->subh.data_hdr->stream;
1852 ftsn_skip_arr[skip_pos].ssn =
1853 chunk->subh.data_hdr->ssn;
1854 if (skip_pos == nskips)
1855 nskips++;
1856 if (nskips == 10)
1857 break;
1858 } else
1859 break;
1860 }
1861 }
1862
1863 /* PR-SCTP C3) If, after step C1 and C2, the "Advanced.Peer.Ack.Point"
1864 * is greater than the Cumulative TSN ACK carried in the received
1865 * SACK, the data sender MUST send the data receiver a FORWARD TSN
1866 * chunk containing the latest value of the
1867 * "Advanced.Peer.Ack.Point".
1868 *
1869 * C4) For each "abandoned" TSN the sender of the FORWARD TSN SHOULD
1870 * list each stream and sequence number in the forwarded TSN. This
1871 * information will enable the receiver to easily find any
1872 * stranded TSN's waiting on stream reorder queues. Each stream
1873 * SHOULD only be reported once; this means that if multiple
1874 * abandoned messages occur in the same stream then only the
1875 * highest abandoned stream sequence number is reported. If the
1876 * total size of the FORWARD TSN does NOT fit in a single MTU then
1877 * the sender of the FORWARD TSN SHOULD lower the
1878 * Advanced.Peer.Ack.Point to the last TSN that will fit in a
1879 * single MTU.
1880 */
1881 if (asoc->adv_peer_ack_point > ctsn)
1882 ftsn_chunk = sctp_make_fwdtsn(asoc, asoc->adv_peer_ack_point,
1883 nskips, &ftsn_skip_arr[0]);
1884
1885 if (ftsn_chunk) {
1886 list_add_tail(&ftsn_chunk->list, &q->control_chunk_list);
1887 SCTP_INC_STATS(sock_net(asoc->base.sk), SCTP_MIB_OUTCTRLCHUNKS);
1888 }
1889 }
1890